subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the ingestion of external data.
- Ingestion points: Implementation plans and task descriptions are read from files and passed to subagents (referenced in SKILL.md and implementer-prompt.md).
- Boundary markers: Plan text is interpolated directly into subagent prompts without specific delimiters or 'ignore' instructions for embedded data.
- Capability inventory: Subagents have extensive capabilities including writing code, executing tests, and committing to git (SKILL.md).
- Sanitization: No sanitization is performed on the ingested content; the workflow relies on review cycles and isolated workspaces (loom:using-git-worktrees) as process-level mitigations.
- [SAFE]: No other malicious patterns, such as hardcoded credentials, unauthorized network calls, or persistence mechanisms, were detected in the skill contents.
Audit Metadata